[xmlsec] Is certificate needed when signing?

wz qiang weizhongqiang at gmail.com
Mon Jul 7 07:51:10 PDT 2008

In http://www.aleksey.com/xmlsec/api/xmlsec-examples-sign-x509.html

Before siging a node,

    /* load private key, assuming that there is not password */
    dsigCtx->signKey = xmlSecCryptoAppKeyLoad(key_file,
xmlSecKeyDataFormatPem, NULL, NULL, NULL);
    if(dsigCtx->signKey == NULL) {
        fprintf(stderr,"Error: failed to load private pem key from
\"%s\"\n", key_file);
	goto done;

    /* load certificate and add to the key */
    if(xmlSecCryptoAppKeyCertLoad(dsigCtx->signKey, cert_file,
xmlSecKeyDataFormatPem) < 0) {
        fprintf(stderr,"Error: failed to load pem certificate
\"%s\"\n", cert_file);
	goto done;

I wonder whether the second step (load certificate) is needed for signing?
In principle, private key is enough, right?  I also test with loading
certificate and without loading certificate, both signature can be verified.

Appretiate in advance

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.aleksey.com/pipermail/xmlsec/attachments/20080707/2a57a215/attachment-0002.htm

More information about the xmlsec mailing list